Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix broken apt::source declaration for Debian-based systems #142

Merged
merged 3 commits into from
Oct 17, 2023
Merged

Fix broken apt::source declaration for Debian-based systems #142

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a333fad
Fix broken apt::source declaration for Debian-based systems
omeinderink Oct 7, 2021
4b4f8f3
apt repo: Use upstream gpg repo key
bastelfreak Oct 17, 2023
b96c9e2
yumrepo: simplify gpg key setup
bastelfreak Oct 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions REFERENCE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ The following parameters are available in the `gitlab_ci_runner` class:
* [`config_dir_mode`](#-gitlab_ci_runner--config_dir_mode)
* [`http_proxy`](#-gitlab_ci_runner--http_proxy)
* [`ca_file`](#-gitlab_ci_runner--ca_file)
* [`repo_keysource`](#-gitlab_ci_runner--repo_keysource)

##### <a name="-gitlab_ci_runner--runners"></a>`runners`

Expand Down Expand Up @@ -298,6 +299,14 @@ The ca_file must exist. If it doesn't, Gitlab runner token generation will be sk

Default value: `undef`

##### <a name="-gitlab_ci_runner--repo_keysource"></a>`repo_keysource`

Data type: `Stdlib::HTTPSUrl`

URL to the gpg file used to sign the apt packages

Default value: `"${repo_base_url}/gpg.key"`

## Defined types

### <a name="gitlab_ci_runner--runner"></a>`gitlab_ci_runner::runner`
Expand Down
2 changes: 2 additions & 0 deletions manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@
# `certificate verify failed (self signed certificate in certificate chain)`
# Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
# The ca_file must exist. If it doesn't, Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
# @param repo_keysource URL to the gpg file used to sign the apt packages
#
class gitlab_ci_runner (
String $xz_package_name, # Defaults in module hieradata
Expand All @@ -99,6 +100,7 @@
Optional[Stdlib::Filemode] $config_dir_mode = undef,
Optional[Stdlib::HTTPUrl] $http_proxy = undef,
Optional[Stdlib::Unixpath] $ca_file = undef,
Stdlib::HTTPSUrl $repo_keysource = "${repo_base_url}/gpg.key",
) {
if $manage_docker {
# workaround for cirunner issue #1617
Expand Down
6 changes: 4 additions & 2 deletions manifests/repo.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
class gitlab_ci_runner::repo (
$repo_base_url = $gitlab_ci_runner::repo_base_url,
$repo_keyserver = $gitlab_ci_runner::repo_keyserver,
$repo_keysource = $gitlab_ci_runner::repo_keysource,
$package_name = $gitlab_ci_runner::package_name,
) {
assert_private()
Expand All @@ -16,6 +17,7 @@
repos => 'main',
key => {
'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
'source' => $repo_keysource,
'server' => $repo_keyserver,
},
include => {
Expand Down Expand Up @@ -46,7 +48,7 @@
descr => "runner_${package_name}",
enabled => '1',
gpgcheck => '0',
gpgkey => "${repo_base_url}/gpg.key",
gpgkey => $repo_keysource,
repo_gpgcheck => '1',
sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
sslverify => '1',
Expand All @@ -58,7 +60,7 @@
descr => "runner_${package_name}-source",
enabled => '1',
gpgcheck => '0',
gpgkey => "${repo_base_url}/gpg.key",
gpgkey => $repo_keysource,
repo_gpgcheck => '1',
sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
sslverify => '1',
Expand Down
9 changes: 5 additions & 4 deletions spec/classes/gitlab_ci_runner_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,8 @@
repos: 'main',
key: {
'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
'server' => undef_value
'server' => undef_value,
'source' => 'https://packages.gitlab.com/gpg.key',
},
include: {
'src' => false,
Expand Down Expand Up @@ -425,7 +426,7 @@
it { is_expected.to contain_class('gitlab_ci_runner::repo') }

it do
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net')
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net', 'source' => 'https://packages.gitlab.com/gpg.key')
end
end

Expand All @@ -442,7 +443,7 @@
it { is_expected.to contain_class('gitlab_ci_runner::repo') }

it do
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'hkp://keys.gnupg.net:80')
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'hkp://keys.gnupg.net:80', 'source' => 'https://packages.gitlab.com/gpg.key')
end
end

Expand All @@ -458,7 +459,7 @@
it { is_expected.to contain_class('gitlab_ci_runner::repo') }

it do
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'https://keys.gnupg.net:88')
is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'https://keys.gnupg.net:88', 'source' => 'https://packages.gitlab.com/gpg.key')
end
end
end
Expand Down